Archive for June, 2008
Ruby vulnerabilities
There are already plenty of people talking/screaming/crying about the recent bugs found in the Ruby programming language:
The list of CVEs created to track these bugs:
The funny thing is, these vulnerabilities are not in Ruby code at all; they are in the runtime (the interpreter), which is itself written in C. So it's really not all that surprising, considering how hard it is to write large, secure, bug-free C programs. It also means a Ruby application cannot avoid them by being carefully written: the only fix is to upgrade the interpreter to a patched release.

Classic insider threat example
IT director gets fired. IT director still has remote access to company network. IT director deletes a bunch of stuff and causes some damage.
This is a cut-and-dried example of why the insider threat is such a major issue. I guess some companies need to learn the hard way: disable every account belonging to a terminated employee, at the moment of termination, not days later; if the person was an admin (or the IT director), rotate every root and shared password they knew as well. Of course, this implies that a company has to keep track of all the accounts an employee might have across every system (directory, VPN, local accounts on servers, hosted services), which is not easy, and that it has to know which shared credentials each person had access to. The important thing to remember is that this is more of a people/policy challenge than a technical one.
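The offboarding steps above boil down to a reconciliation between the HR record of who has left and an inventory of accounts and shared credentials. The script below is an added example, not code from the original post; the systems, account names, dates and the HR feed are all constructed, and the functions `offboarding_plan`, `audit` and `orphaned` are hypothetical names. It produces the disable/rotate list for one leaver, flags anything still live after a termination date, and lists accounts with no known owner, which is the "keeping track of all the accounts" problem the post mentions.

```python
"""Offboarding reconciliation (added example; all data below is constructed)."""
from dataclasses import dataclass
from datetime import date


@dataclass
class Account:
    system: str      # where the account lives, e.g. "ldap", "vpn", "host:db01"
    name: str        # account name on that system
    owner: str       # HR identity it belongs to ("" if nobody has claimed it)
    enabled: bool
    admin: bool = False  # confers root/admin-level access on that system


@dataclass
class SharedSecret:
    name: str            # e.g. the root password of a host
    known_to: set        # HR identities who were given this secret
    last_rotated: date


# Constructed HR feed: identity -> termination date.
TERMINATED = {"jdoe": date(2008, 6, 2)}
# Constructed HR roster of everyone who exists (current and former).
ROSTER = {"jdoe", "asmith"}

# Constructed account inventory gathered from each system.
INVENTORY = [
    Account("ldap", "jdoe", "jdoe", enabled=True, admin=True),
    Account("vpn", "jdoe", "jdoe", enabled=True),
    Account("host:db01", "jdoe-adm", "jdoe", enabled=True, admin=True),
    Account("aws", "john.doe", "jdoe", enabled=False),  # already disabled
    Account("ldap", "asmith", "asmith", enabled=True),
    Account("host:web01", "backup", "", enabled=True),  # nobody owns this one
]

# Constructed list of shared credentials and who was told them.
SHARED = [
    SharedSecret("root@db01", {"jdoe", "asmith"}, date(2008, 1, 15)),
    SharedSecret("root@web01", {"asmith"}, date(2008, 1, 15)),
]


def offboarding_plan(identity, inventory=INVENTORY, shared=SHARED):
    """What must happen when `identity` leaves: accounts to disable,
    shared secrets to rotate, and whether they held admin access."""
    to_disable = [(a.system, a.name) for a in inventory
                  if a.owner == identity and a.enabled]
    was_admin = any(a.admin for a in inventory if a.owner == identity)
    to_rotate = [s.name for s in shared if identity in s.known_to]
    return {"disable": to_disable, "rotate": to_rotate, "admin": was_admin}


def audit(today, terminated=TERMINATED, inventory=INVENTORY, shared=SHARED):
    """Policy violations as of `today`: accounts still enabled for people
    who have left, and shared secrets not rotated since they left."""
    findings = []
    for a in inventory:
        left = terminated.get(a.owner)
        if a.enabled and left is not None and today >= left:
            findings.append(f"{a.system}/{a.name} still enabled; "
                            f"{a.owner} terminated {left}")
    for s in shared:
        for who in sorted(s.known_to & set(terminated)):
            left = terminated[who]
            if today >= left and s.last_rotated < left:
                findings.append(f"{s.name} not rotated since {who} left on {left}")
    return findings


def orphaned(inventory=INVENTORY, roster=ROSTER):
    """Enabled accounts whose owner is unknown to HR: nobody will ever
    disable these on termination, so they need an owner or removal."""
    return [(a.system, a.name) for a in inventory
            if a.enabled and a.owner not in roster]


if __name__ == "__main__":
    print(offboarding_plan("jdoe"))
    for f in audit(date(2008, 6, 10)):
        print("FINDING:", f)
    print("orphaned:", orphaned())
```

Run the audit on a schedule against a fresh export from each system rather than once at termination time: the post's point is that the account you forgot about is the one that gets used, and only a recurring cross-check against the HR feed catches it.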
